In an example scenario, a method is implemented for message authentication between devices. A client device generates a message authentication code (MAC) by hashing a message with a shared secret key stored in the client device and transmits the message together with the MAC to a host device. The shared secret key is also stored in the host device. The host device verifies the message by generating a MAC using the received message and the stored shared secret. If the received MAC and the generated MAC are equal, the message is authenticated. However, an attacker could fake secure boot of the client device and still utilize the message authentication method for a faked system to work properly, e.g., communicate with the host device, which could cause fraudulent operation.